Trust is an important thing to most intelligent species, and without it relationships and general interactions cease to flourish and are nothing more than a professional exchange of dialogue. When you think about trust and the part it plays in your relationships and interactions, it can often be hard to define. The trust you have with your four legged friend although similar would defined very differently to that of a close friend or partner. On reflection the obtaining of trust differs also, both can be influenced with treats and affection, but human trust tends to exist at a deeper level. So if this is true, why is it we can seemingly be easily duped by Cyber Criminals and the illusion of trust they create.
It comes down to influence, how we can manipulate information and its interpretation to use at both a conscious and subconscious level. The use of both Open Source Intelligence and acquired information, allows for individuals and groups involved in Cyber Crime to fuel their knowledge and power influence and manipulate their targets to achieve the required illusion of trust with their target.
The information gathered on a target allows the attacker to create a pretty accurate profile of their target, and potentially of that of their families and friends, as well as their interests both publicly and privately. The aim here is to either act as an individual of trust, or create a pre-text that will be considered trustworthy to aid in achieving their goals. Often when people read about someone who got duped, they are surprised as to how someone fell for such an attack, but what people fail to consider is that emotional states are often at play, and also the fact that the illusion of trust only needs to be maintained long enough to achieve the goal. The majority of people realise later on during the stage of reflection they got screwed over, and then feel humiliated and often don’t want to share information which could assist in reducing the risk of others suffer the same result.
Another key component in the illusion of trust circle, is the one we have with service providers we use online. We assume that the data we share with these establishments is safe and secure, perhaps we don’t even consider this information can be used for nefarious purposes (a future video is coming on social leakage), ignorance is bliss after all. We often don’t think of the value of our data, it could be used for identity theft which has various commercial value, or it could be confidential information in the form of medical and other personal information that has value, perhaps in the form of blackmail if its something you would prefer not to be disclosed. The recently breach of “Have an Affair” Ashley Maddison site is a prime example of where blackmail would be a direct attack avenue for those who’s details have been compromised.
Its important for us to think about the data we share, what can it be used for, how can it be leverage by the criminal world. It may not just be focused of the theft of the data itself, but for the access it permits them. This access may provide more sophistication in establishing their trust model to achieve more elaborate goals, it may reveal more information about your activities and interests to provide better targeting.
Demonstrate healthy paranoia in life, we should expect providers to be responsible custodians of our data, be that commercial, corporate or government, but if you are sensible you release you have your own interests to protect and a pragmatic approach to how and where you use your data can help. Don’t make assumptions, instead be informed and take actions as appropriate, embrace the online connected world and the wonders it brings, but be aware just like your trusting four legged companion it can and will bite back when the conditions are right.